Cybersecurity and the Naval Industry

There is a rarely discussed aspect to the high-profile data
breaches of Target and Home Depot. In both cases the installation of malware
was achieved through small companies who were working with the retail giants,
and in both of these cases, the smaller companies were forced out of business
as a result.

What these incidents highlight is the growing risk created
by the supply chain. In March 2017, the New York State Department of Financial
Services – Cybersecurity Requirements for Financial Services Companies (23
NYCRR 500) legislation was introduced. As part of this legislation, the
industry is now required to include their supply chain as part of their overall
risk matrix. This means that for suppliers dealing with a financial services organization
there is now an increased responsibility to document and demonstrate a certain
level of cybersecurity maturity in order to conduct business. While some have complained
that this would limit market access for small to medium-sized businesses,
others have commended the industry for being the first to acknowledge the
increasing connectivity we have to others, and the risks that this creates.

In the defence sector, the discussion around risk and supply
chain is longstanding. In December 2018, The Aerospace Industries Association
(AIA), an Arlington, Virginia based trade association that lobbies on behalf of
defense contractors, released a set of voluntary standards designed to help
U.S. aerospace companies ensure the weapons systems they make for the U.S.
military are secure against cyber attacks. With this announcement, the AIA
acknowledged that U.S. defense companies now see cybersecurity as part of their
competitive advantage as they build complex systems for the military. A
Memorandum of Understand (MOU) was signed between Israeli-based Naval Dome and
UK’s Lloyds Register (LR) in 2017, in order to develop a set of standards and
guidelines for maritime cyber defence. While the standards continue to be
developed, both organizations report significant progress during the pilot
testing phases.

In Canada, the focus of late has been on the use of foreign
materials in the building of and upgrades to Canadian military vessels. CBC
released a report last year indicating that François​-Philippe Champagne, who
was international trade minister at the time, had made an official inquiry to
the Department of National Defence. Mr. Champagne who was engaged in the NAFTA
negotiations with the U.S. Government indicated that the Americans were
becoming increasingly concerned with the involvement of Chinese companies in
the defence and high-tech sectors in Canada.

Those working within the cybersecurity sector have also been
quite vocal around Chinese affiliations, especially in regard to Chinese
telecom giant Huawei. On the manufacturing side, in the Information Note
prepared for Minister Harjit Sajjan, procurement officials indicated that while
many materials require offshore sourcing only 17 per cent of the naval vessels
contained Chinese steel.

In 2013, naval engineer Qing Quentin Huang who worked for
Lloyd’s Register, a subcontractor of Irving Shipbuilding Inc., was arrested in
Burlington, Ontario and accused of trying to spy for China on Canadian
shipbuilding plans. Huang was charged under the Security of Information Act
with attempting to communicate secret information to a foreign power. Mr. Huang,
who remains on bail and continues to profess innocence, is asking for the
charges to be dismissed as the federal government continues to challenge the
questions around disclosure of sensitive government intelligence. Prosecutors
contend that virtually all of the redactions were covered by a section of the
Canada Evidence Act that allows the government to shield information from
disclosure due to national security concerns. With tensions increasingly
elevated after the detainment of Huawei’s Chief Financial Officer, the
relationship between China and Canada – as it pertains to national security,
technology and innovation – remains uncertain moving forward.

From an innovation and manufacturing perspective, we are seeing an increased focus on security as it relates to the next generation of military vessel. Ken Hansen, an independent defence and security analyst and owner of Hansen Maritime Horizons, recently wrote an article for Macleans magazine in which he stated that the Canadian military and shipbuilding industry were at a crossroads since the status quo of ship designs would no longer comply with the growing use of technology and innovation in targeted military attacks. In other words, a ship’s cyber “firepower” was becoming just as important as the other weapons housed. With that change in strategy comes the reality that this will impact design, technology requirements, and skills required to operate these new breeds of ships.

The U.S. Inspector General’s office released a report indicating
that, overall, the Pentagon was not taking basic cybersecurity steps to protect
its ballistic missile system. Although the Pentagon’s weapons are worth roughly $1.66 trillion, the
October report found that “nearly all” American missiles, jets, ships and
lethal equipment in development are vulnerable to cyberattacks. As a result,
the Navy is now looking at three areas of research to help bolster future cyber
readiness. They include Deception Tactics, Dynamic Configuration and Artificial
Intelligence. These studies will be carried out with both academic and private
sector partners.

As the landscape of the global naval defence sector
continues to evolve and change, Canada should – and must – watch, learn and
adapt to what others are doing to address the cyber threats of the future. The
concept of “secure by design” must be embraced in all stages of design and
deployment moving forward.

Advertisement

Latest Tweets

Advertisement

Advertisement

Opportunities Powered by OMX

About

Vanguard is Canada’s oldest trade journal of record that provides a forum for Canada’s security and defence community, discussing strategic perspectives and overviews of government and military policy and practice, through interviews with leading practitioners and contributions from renowned experts, including representatives from industry.